Smart Card Technology and Security
The self-containment of Smart Card makes them resistant to attack as they
do not need to depend upon potentially vulnerable external resources.
Because of this, Smart Cards are often used in
which require strong security protection and authentication.
Technology and security are strongly related. Crackers find sophisticated ways to get at supposedly secure data on cards => Manufacturers have to come up with more sophisticated locks and keys on cards => Crackers come up with better techniques to bypass these ... thus forming an infinite improvement loop, with both sides driving each other to use and invent better technology.
There are four different aspects of the Smart Card security:
Communication with the outside world
A Smart Card and a Card Accepting Device (CAD) communicate via means of small data packets called APDUs (Application Protocol Data Units). The following characteristics of this interaction make it harder for third parties to attack the system successfully:
- Small bit rate (9600 bits per second) using a serial bi-directional transmission line (ISO standard 7816/3),
- half duplex mode for sending the information (data only travels in one direction at a time)
- The communication follows a sophisticated protocol, described below.
However, every external
device communicating with the card makes it more vulnerable
to attack via the communication link.
The Smart Card and the CAD use an mutual active authentication
protocol to identify each other. The card generates a random number and sends it to the CAD, which encrypt the number with a shared encryption key before returning it to the card. The card then compares the returned result with its own encryption. The pair may then perform the operation in reverse.
Once communication is established, each message between the pair is verified through a message authentication code. This is a number that is calculated based on the data itself, an encryption key, and a random number. If data has been altered (for any reason, including transmission errors) message must be retransmitted. Alternatively, if the chip has sufficient memory and processing power, the data can be verified through a digital signature.
The most common encryption
methods are symmetric DES (Data Encryption Standard), 3DES (triple DES)
and public key RSA (Rivest-Shamir-Adleman's algorithm), allowing up 56,
168, and 1024 bit long keys, respectively. Unfortunately, these keys are not unbreakable, as explained by Ross Anderson and Markus Kuhn in their book `Design
Principles for Tamper-Resistant Smart Card Processors'. The pair managed to crack the Dallas DS5002FP Secure Microcontroller, described at the time by one European signals intelligence agency as the most secure processor available on general sale. They used brute force methods on a PC enhanced with a couple of hundred dollars of extra hardware!
Cards and CADs communicate via a special instruction set. For example, the Schlumberger Reflex 60 instruction set contains:
||Gets reader type and activate reader
||Sets reader with ICC communication parameters
||Turns card power ON
||Turns card power OFF
||Sends RESET signal to card
||Gets reader-card status
||Sends one byte to reader
||Sends data block to reader
||Makes reader resend last data block
||Gets reader capabilities
||Activate reader-dependent features
All data and passwords on a card are stored in the EEPROM and can be erased or modified by an unusual voltage supply. Therefore
some security processors implemented sensors for environmental changes. However, since it is difficult to find the right level of sensitivity and there
is a voltage fluctuation when the power is supplied to the card, this method
is not widely used. Other successful attacks methods include heating the
controller to a high temperature or focusing the UV light on the EEPROM,
thus removing the security lock. Invasive physical attacks are the most
destructive when the card is cut and processor removed. Then the layout of the chip can be reverse
Power Analysis (DPA), is a statistical attack on a cryptographic algorithm
which compares an hypothesis with a measured outcome and is often capable of extracting an encryption key from a smart card or other
computing device. Simple Power Analysis (SPA), the direct analysis of
the recorded power data to determine actions and data, is also useful.
Several technologies have been developed to protect Smart Cards. These are
technologies of STMicroelectronics
against SPA/DPA attacks:
Technology barrier. Advanced 0.6 micron technology greatly reduces
the size and power consumption of cards as well as the relative variations
in their operating parameters. This makes it very hard for external SPA/DPA methods to distinguish between normal card fluctuations and data-related fluctuations.
Clock fluctuation. A special Clock Software Management facility,
when properly used, results in highly variable software timing when the
embedded application program is executing.
Unpredictable behavior. A built-in timer with Interrupt capability
and an Unpredictable Number Generator is used to impose unpredictable
variations on software execution behavior, with consequent changes in the
pattern of power consumption.
Robust design. A modular design allows new hardware variations,
including custom variations, to be produced quickly and efficiently, thereby
allowing fast response to new attack scenarios.
Memory control for multi-applications. An enhanced Memory Access
Control system provides secure operating system support for multi-application
Security mechanisms and firmware functions. An enhanced set of security
mechanisms and firmware functions allow the application to detect and respond
appropriately to the occurrence of conditions that might indicate an attack.
These conditions include invalid operating conditions, bad opcodes, bad
addresses and violations of chip integrity; the possible responses include
interrupts, program reset, immediate erasure of all RAM data and flash
programming of the entire EEPROM array.
Data on Smart Cards is organized into a tree hierarchy. This has one master file (MF or root) which contains several
elementary files (EF) and several dedicated files (DF). DFs and MF correspond
to directories and EFs correspond to files, analogous to the hierarchy
in any common OS for PCs. However, these two hierarchies differ in that
DFs can also contain data. DF's, EF's and MF's header contains security
attributes resembling user rights associated with a file/directory in
a common OS. Any application can traverse
the file tree, but it can only move to a node if it has the appropriate rights.
Attributes (Access Rights)
There are five basic levels of access rights to a file (both DF and EF).
Some OS provide further levels.
Basic levels can be categorized, increasingly in security, as follows:
However, presenting a CHV2 does not suffice to access a file requiring
CHV1. CHV1 and CHV2 correspond to the two security PINs stored in the card:
one is a common user identification PIN and the other is a specific unblocking
PIN pre-stored in the card.
Always (ALW): Access of the file can be performed without any restriction.
Card holder verification 1 (CHV1): Access can only be possible when a
valid CHV1 value is presented.
Card holder verification 2 (CHV2): Access can only be possible when a
valid CHV2 value is presented.
Administrative (ADM): Allocation of these levels and the respective
requirements for their fulfilment are the responsibility of the appropriate
Never (NEV): Access of the file is forbidden.
The PINs are stored in separate elementary files, EFCHV1 and
EFCHV2 for example. The OS blocks the card after a wrong
PIN is entered several consecutive times. The number of times is fixed and depends
on the OS. Once blocked, the card can only be unblocked with a specific
unblocking PIN stored in the card. The unblocking PIN can become blocked
in the same way. If this happens, card is said to be in irreversible
blockage and may have to be scrapped for security reasons.
If the PIN is blocked, the attribute of every file is changed to require
CHV1. After the unblocking PIN is presented, the file attributes are returned to normal, the counter for the PIN is set back
to its maximal value and the counter for the unblocking PIN is decremented. If the latter counter reaches zero, it cannot be used for unblocking the PIN any more. This provides additional security for the card.
Software producers also contribute to the Smart Card security - they should
provide their products with properly encrypted data and transfers. To help
them achieve this goal, hardware-based or OS-based instructions and libraries
supporting advanced cryptographic algorithms have been developed.
Most attacks today are classified as class 3 attacks, which
means that either the costs associated to break the system are far more than the
cost of the system itself, or that the cracker has to spend several or hundred years
of computing power to break into a single transaction. Technology is developing
faster than cracker methods. Therefore, each new generation of technology
usually prevents attacks that the previous generation was vulnerable to.